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Abstract 

Kleene algebra (KA) is the algebra of regular events. Familiar examples of Kleene algebras 
include regular sets, relational algebras, and trace algebras. A Kleene algebra with tests (KAT) 
is a Kleene algebra with an embedded Boolean subalgebra. The addition of tests allows one 
to encode while programs as KAT terms, thus the equational theory of KAT can express 
(propositional) program equivalence. More complicated statements about programs can be 
expressed in the Hoare theory of KAT, which sufflces to encode Propositional Hoare Logic. 

That the equational theory of KAT reduces to the equational theory of KA has been shown 
by Cohen et al. Unfortunately, their reduction involves an exponential blowup in the size of the 
terms involved. Here we give an alternate feasible reduction. 

1 Introduction 

The class of Kleene algebras is defined by equations and equational implications over the signature 
{0, 1, +, •,* }. Some well-known examples of Kleene algebras include relational algebras, trace alge- 
bras, and sets of regular languages (see [1] for more examples and applications). In fact, the set of 
regular languages over an alphabet S is the free Kleene algebra on E. That is, given two KA terms 
a and (3, a = (3 modulo the axioms of Kleene algebra if and only if a and (3 denote the same regular 
set [3] . A Kleene algebra with tests is a Kleene algebra with an embedded Boolean subalgebra (the 
complementation function is only defined on Boolean terms). 

Adding tests allows the encoding of while programs as KAT terms. As a result, the equational 
theory of KAT suffices to express (propositional) equivalence of while programs. Moreover, Propo- 
sitional Hoare Logic can be encoded in the Hoare theory of KAT (equational implications of the 
form r = ^ p = q), and furthermore the Hoare theory of KAT reduces efficiently to the equational 
theory of KAT. Combining all of these reductions shows that the equational theory of KA can be 
used to express interesting properties of programs succinctly. See [5], [5], and [3] for details. 

In [5], it is shown that the equational theory of KAT reduces to the equational theory of KA. 
Unfortunately, the reduction used can increase the size of the terms involved exponentially. We given 
alternate reduction, which increases the size of the terms by only a polynomial amount. This paper 
is organized as follows. In section 2, we provide the relevant definitions and recall the encoding of 
finite automata as Kleene algebra terms. In section 3, we prove some useful theorems of Kleene 
algebra used for reasoning about automata and give an overview of guarded string algebras. In 
section 4, we give a feasible reduction from a KAT term to an automaton encoded as a KA term. 
In section 5, we remark that the Hoare theory of KA(T) can be efficiently reduced to the equational 
theory of KA(T), and in section 6 we make an observation concerning automata constructed from 
KAT terms representing deterministic while programs. 
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2 Background 



In this section, we describe our proof system and recall some useful facts about KA(T). The axiom- 
atization of Kleene algebra, results about matrices, and the encoding of automata as KA terms are 
from 1]. The definition of KAT is from [B]. 



2.1 Equational Logic 

By "proof" , we mean a sequent in the equational implication calculus. Let a, /3, 7, S be terms in the 
language of Kleene algebra. The equational axioms are: 
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We consider these Horn formulas to be implicitly universally quantified. 



Let $ be a sequence of equations or equational implications, e an equation, a Horn formula, and tp 
an equational axiom or an axiom of KA (given below). Let ct be a substitution of terms for variables. 
The rules of inference are: 

H a[yj) e f- e 



and the structural rules which allow us to treat a sequence of formulas as a set of formulas. For a 
proof that this is a complete deductive system, see [TU]. We also allow "substitution of equals for 
equals". For example, from a — b, conclude c(a + 1) = c{b + 1) in one step. 



2.2 Kleene Algebra 

We now state the axioms of Kleene algebra. The first are the idempotent semiring axioms. Note 
that we abbreviate a ■ f3 as af3. 

1. {a + b)+c = a+{b + c) 

2. a + b = b + a 

3. a + = a 

4. a + a = a 

5. {ab)c = a{bc) 

6. la = al = a 

7. a(b + c) = ab + ac 

8. (a + b)c — ac + bc 

9. Oa = Oa = 
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In any idempotent semiring, addition can be used to define a partial order: 

x<y^x + y = y. 
For brevity, we add the symbol < to the language. 
There are four axioms involving *. The equational axioms are: 

10. l + xx* =x* 

11. 1 + X*X = X* 

There are also two equational implications: 

12. b + ax < X ^ a*b < x 

13. b + xa < X ^ ba* < x 

The equational implications guarantee unique least solutions to the linear inequalities 

b + aX<X 
b + Xa<X 

in the presence of the other axioms. 

2.3 Kleene Algebra with Tests 

A Kleene algebra with tests is a Klccnc algebra with an embedded Boolean subalgebra; Boolean terms 
are called tests. Formally, a Kleene algebra with tests is a two-sorted structure {K, B, +, ■* ,~ , 0, 1) 
such that {K, +, •,* , 0, 1) is a Kleene algebra and {B, +, ■~ , 0, 1) is a Boolean algebra. Note that 
complementation is only defined on tests. 

We use the following axiomatization of Boolean algebra. Let b, c, d be Boolean terms. 

1. KA ax;ioms 1-9 

2. = 1; 1 = 

3. 6+1 = 1 

4. bb = bb = 

5. ! = 6 

6. bb = b 

7. b + c = bc; bc = b + c 

8. bc = cb 

9. b + cd= {b + c){b + d) 

Any Boolean term b satisfies b < 1. Since 1* = 1 and * is monotonic, the KA ax;ioms imply 
b* = 1. Note that any Kleene algebra can be viewed as a KAT with {0,1} as the two-element 
Boolean subalgebra. 
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2.4 Matrices and Automata 



The Kleene algebra axioms imply that the set oinxn matrices over a KA also forms a KA. Addition 
and multiplication of matrices are defined in the usual way, is interpreted as the n x n zero matrix, 
and 1 as /„. Equality and the partial order < are defined componentwise. To define the star of an 
n X n matrix, we first define the star of a 2 x 2 matrix: 



a b 




■ {a + hd*c)* 


{a + bd*c)bd* 


c d 




(d + ca*b)ca* 


{d + ca*b)* 



We then extend this definition to arbitrary square matrices inductively. Given a square matrix E, 
partition E into four submatrices 



E = 



' A 


B ' 


C 


D 



such that A and D are square. By induction. A* and D* exist. Let F = A + BD*C. Then 



E* = 



p* 


F*BD* 


D*CF* 


D* - 


^D*CF*BD* 



It is a consequence of the KA axioms that any partition may be chosen to compute E* . 

In [5], it is shown that the set of n x n matrices over a Kleene algebra with tests is a Kleene 
algebra with tests. The Boolean subalgebra is the set of matrices with Boolean terms on the diagonal 
and all other entries equal to 0. 

At several points in the proof below, we will have to reason about non-square matrices. We would 
like to know whether the theorems of Kleene algebra hold when the primitive letters are interpreted 
as matrices of arbitrary dimension and the function symbols are treated polymorphically. In general, 
the answer is no. However, there is a large class of theorems for which this does hold, and they 
suffice for our purposes. See [7] for a thorough treatment of this issue. 

We now recall how to use matrices over a KA to encode finite automata. 

Definition 1. An automaton over a Kleene algebra K is a triple {u,A,v) where u and v are n- 
dimensional vectors with entries from {0, 1} and A is an nx n matrix over K . The vector u encodes 
the start states of the automaton and is called the start vector. The vector v encodes the accept 
states of the automaton and is called the accept vector. The matrix A is called the transition matrix. 
The language accepted by {u,A,v) is u'^A*v. The size of {u,A,v) is the number of states, i.e., if A 
is an n X n matrix, then the size of {u, A, v) is n. 

This definition is a bit general for the purposes at hand. Given an alphabet E, let JFs be the free 
Kleene algebra on generators S. Over J-^, the definition of an automaton given above is essentially 
the same as the classical definition of a finite automaton. In the sequel, all automata are over some 
J-^. Furthermore, most of the automata we consider have uncomplicated transition matrices. 

Definition 2. Let {u,A,v) be an automaton over J- The automaton {u,A,v) is simple if A can 

be expressed as a sum 

A = J +^a - Aa 

where J and each Aa is a 0-1 matrix. 

The automaton {u, A, v) is e-free if J is the zero matrix. 

The automaton (u, A, v) is deterministic if it is simple, e-free, and u and all rows of each Aa have 
exactly one 1. 
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Given an automaton {u,A,v), we denote the transition relation encoded by A as Sa, and the 
extended transition relation defined on (states, words) as Sa- Given an a S S, we denote the restric- 
tion of Sa to only a-transitions by S'\. For transition matrices A,B,C', we denote the underlying 
state sets of the automata by A, B, C. We now state the theorems of KA which we will use to reason 
about automata. 

3 Useful Theorems of KA 

The completeness result of 4 uses the fact that automata can be encoded as KA terms. To simplify 
proofs, we add several theorems of Kleene algebra involving automata to our list of allowable rules 
of inference. For each theorem we add, it will be clear that the hypotheses of the theorem are easy 
to check, so proofs constructed using these new rules of inference are verifiable in polynomial time. 
Several of the theorems about automata are based on the following theorems of Kleene algebra: 

{x + y)* =x*{yx*)* 
ay = yb ^ a*y = yb* 
x{yx)* = {xy)*x. 

These are known as the denesting, bisimulation, and sliding rules, respectively. See [1] for a proof 
that these rules are consequences of the KA axioms. 

We now provide an overview of guarded string algebras, which are models of the KAT axioms. 
For a more detailed introduction, see 5]. Guarded string algebras play the same role for KAT that 
regular languages do for KA; two KAT terms ti and ^2 are equivalent modulo the axioms of Kleene 
algebra with tests if and only if they denote the same set of guarded strings. 

Let P and B be finite alphabets. Elements of P are called atomic programs, and elements of B 
are called primitive tests (to distinguish them from atomic elements of the Boolean algebra generated 
by B). Guarded strings are obtained from each word w G P* by interspersing atoms of the free 
Boolean algebra on B among the letters of w (we require that a guarded string both begins and ends 
with an atom). Let 6i,62,...,6„ be the elements of B. Recall that an atom a of the free Boolean 
algebra on _B is a product of the form 

a = C1C2 • • • c„ 

where Ci € {bi,bi} for each i. We require an ordering on the literals appearing in an atom so that 
there is a unique string denoting each atom. Let Ab denote the set of atoms. 

Given a guarded string x, let first(x) be the leftmost atom of x, and last(a;) be the rightmost 
atom of x. We define a partial concatenation operation on guarded strings, denoted o, as follows. 
Given two guarded strings, x and y, let x = x'a and y = (3y' , where a =last(a;) and /3 ~ &rst(y). 

Define 

xoy = x'ay', if a = /3, undefined otherwise. 

We now give interpretations of the KAT operations on sets of guarded strings. Let C and D be 
sets of guarded strings. Define 

C+D^CUD 

C ■ D ^ {xoy \ X eC, yeD} 

C"^Ab 

C*-U„>o C"- 

We must also interpret the complementation function. Let C be a set of guarded strings such that 
C C Ab. Define _ 

C = Ab-C. 
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Using these operations, we can define a function G from KAT terms to sets of guarded strings 
inductively. The base cases are: 

G(0) = 

G(l) = {a I a G Ab} 

G{b) = {a I a — > 6 is a prepositional tautology} 
G{p)^{apl3\a,l3eAB}. 

In [S] , the completeness of the guarded string model for the equational theory of KAT is shown 
by a reduction from the equational theory of KAT to the equational theory of KA. This is achieved 
by transforming a KAT term t into a KAT-equivalent term t' such that R{t') = G{t). Unfortunately, 
the term t' may be exponentially longer than t. We give an alternate construction. Given a term i, 
we construct an automaton (u, A, v) such that t = A*v modulo the axioms of KAT, and (u. A, v) 
accepts precisely the set of guarded strings denoted by t. The automaton (it. A, v) will be polynomial 
in the size of t. 

We need a few additional theorems of Kleene algebra in our construction. The extra axioms 
satisfied by Boolean terms, particularly multiplicative idenipotence and star-triviality, complicate 
the construction of the automaton. We overcome these difficulties by selectively applying the Boolean 
axioms to Boolean terms. That is, we first treat Boolean terms simply as words over an alphabet, 
and apply the lemmas below. However, these lemmas produce automata which are not simple. In 
the inductive construction in section 4.3 we then use the Boolean axioms to simplify the transition 
matrices. Note, however, that the two lemmas below are theorems of Kleene algebra, and do not 
require the Boolean axioms. 



3.1 The KAT Concatenation Lemma 

The KAT concatenation lemma is based on the following alternate way of constructing an automaton 
accepting the concatenation of two languages. The standard construction of such an automaton is to 
connect the accept states of the first automaton to the start states of the second with e-transitions. 
However, we could also do the following: for each state i of {u, A, v) with an outgoing x transition to 
an accept state, and each state j of (s, B, t) with an incoming y transition from a start state, add an 
xy transition from i to j. Note that we allow x and y to be arbitrary elements of a Kleene algebra, not 
just letters in E. This construction yields an automaton accepting A*vs^ B*t, provided neither 
{u,A,v) nor {s,B,t) has a state which is both a start state and an accept state, which we can 
represent algebraically as u^v — 0, s"^t — 0. This idea is the crux of the KAT concatenation lemma. 
The lemma itself looks rather complicated, so we explain how it will be used. In the construction 
in 5.2, we will have two e-free automata, {ui, Ai,vi) and (u2, A2,f2)- Each of these automata will 
be the disjoint union of two automata: 



{ui,Ai,Vi) 





" 





B^ 



t^ 



It will be the case that neither of them accept the empty word, i.e., 



ojr, = 



sjt^ = 

for i = 1,2. The construction will require an automaton accepting 

L = {olClrxs^B*^t2) + {slBltiolc;r2) + (s^B*tisjB2*t2). 
Let $ be a sequence of equations or equational implications. The KAT concatenation lemma, 
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allows us to do this. 

The proof is a straightforward calculation: 
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oJClCirislB2B*2t2 + slBlBitiolC2C*2r2 + sj BlBihs^ B2B*2t2. 

Using the hypotheses, it is easy to show that this sum is equal to L. The proofs involved are of the 
following form: 

oJClri = oJ{\ + Ci*Ci)ri 



3.2 The KAT Asterate Lemma 

Let (m, a, v) be a simple, e-free automaton and 7 be a regular expression. Suppose u^A*v = 7. 

The standard construction of an automaton accepting 77* proceeds by adding e-transitions from 
the accept states of {u, A, v) back to its start states. Suppose {u, A, v) has no paths of length or 
1 from a start state to an accept state, which we can model algebraically as u^v = 0, vT-Av = 0. In 
this case, we can construct an automaton accepting 77* from (m. A, v) with the following procedure: 
for each state i with an outgoing x transition to an accept state, and each state j with an incoming 
y transition from a start state, add an xy transition from i to j. This automaton, although not 
simple, accepts 77*. This idea is the basis of the KAT asterate lemma. 

Suppose {u, A, v) is the disjoint union of two automata, (o, C, r) and (s, B, t). Also suppose that 
o^C*r < 1, and s'^t + s^Bt = 0, which implies s^B*t = s^B*BBt. Under these conditions, we can 
apply the KAT asterate lemma: 

$ h o^C*r < 1 $ h s^BH = s^B*BBt 
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Note that B + Bts^ B algebraically encodes the alternate asterate construction. 

Since {u, A, v) is the disjoint union of (o, C, r) and (,s, B, t), it is easy to show that 



u^A*v = o^C*r + s^B*t. 



By KA axiom 10, 

{u'^A*v)* = 1 + u'^A*v{u'^A* 

We can now substitute: 
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1 + u^A*v{u'^A*vy = 1 + (o^C*r + s'^ B*t){o^ C*r + s'^B*t)*. 
By the denesting rule of Klccnc algebra, 

1 + (o^CV + s^B*t){o^C*r + s^B*t)* = 1 + {o^C*r + s'^ B*t){o^C*ry{s'^ B*t{o^C*ry)* . 

Since o^C*r < 1, (o^CV)* = 1. We can simplify: 

1 + {o^C*r + s'^B*t){o'^C*r)*{s'^B*t{o^C*r)*y = 1 + {o^C*r + s'^ B*t){s^ B*ty . 
By distributivity and axiom 10 again, 

1 + {o^C*r + s'^ B*t){s'^ B*ty = 1 + s^B*t{s^B*ty. 

At this point, we have shown that A*v = 1 + B*t{s^ B*ty . It remains to be shown that 
under the assumption s^B*t = s^B*BBt, 

s'^ B*t{s^ B*ty = s^{B + Bts^Byt. (1) 

Reasoning algebraically, 

s'^ B*t{s'^ B*ty = s^B*BBt{s^B*BBty 
= s^B*B{Bts^B*ByBt 
= s^BB*{Bts^BB*yBt 
= s^B{B + Bts^ByBt. 
The following equation is an easy consequence of the axioms of Kleene algebra: 

{B + Bts^By = 1 + Bts^B{B + Bts^By + {B + Bts^ByBts^B + B{B + Bts^ByB. 

Multiplying the equation on the left by , on the right by i, and simplifying using s^t = and 
s^Bt = yields 

s^{B + Bts^Byt = s^^B{B + Bts^ByBt. 

This proves (1). We now add the trivial one-state automaton to the automaton {s,B + Bts^B,t), 
completing the proof of the KAT asterate lemma. 

4 KAT Term to Automaton 

In this section, we give the transducer which takes as input a KAT term t and outputs an automaton 
accepting G{t). Before constructing the automaton, it must convert t into a well-behaved form. 

4.1 Only Complement Primitive Tests 

The machine first uses the De Morgan laws and the Boolean axiom 6 = 6 to transform a term t 
into an equivalent term t' in which the complementation symbol is only applied to atomic tests. 
If we interpret t' as a regular expression, then R{t') C (P U i? U By, where _B = {6 | G B}. 
The transducer works as follows. On input t, it copies t onto its worktape and onto the output 
tape. Then, starting at the root of the syntax tree of t, it works it way down the tree until it finds 
a subtree containing only Boolean terms such that either some term is complemented twice, or a 
conjunction or disjunction appears under the complement symbol. It then applies the appropriate 
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axiom to this subtree, overwrites its worktape contents, and then outputs the updated term. The 
machine then begins searching again at the root of the tree. When it scans the whole tree and does 
not have to apply any axioms, it stops. The transducer requires only polynomially many worktape 
cells. Furthermore, the increase in the size of the term is negligible. At the end of this stage, it has 
t' written on its worktape. 



4.2 New variables for atoms 

For the remainder of the construction, it is advantageous to treat each atom as a single letter. Let 
z = 2l^l. The machine generates z many new variables, xi,X2, ■■■,Xz- For each i, it outputs the 
equation 

Xi — CXi 

where is the i**^ atom. The automaton constructed below uses the alphabet P U {xi,X2, x^}- 
It is a routine matter to verify that two KAT terms denote same set of guarded strings if and only if 
they denote the same set of words after performing this substitution. For the rest of the construction, 
we use the terms "guarded strings" and "guarded strings after this substitution" interchangeably. 



4.3 Constructing the Automaton 

Now that the preprocessing of the term is complete, the machine constructs the automaton. The 
construction is inductive and resembles the construction the proof of Kleene's theorem. However, the 

machine will maintain several invariants throughout the construction which were not necessary in 
the pure Kleene algebra case. At a given substage, let (u. A, v) be the final automaton constructed. 
The automaton {u, A, v) will satisfy: 

• (m, a, v) is simple and e-free. 

• (w. A, v) is the "disjoint union" of two automata, (o, C, r) and (s, B, t), or just (o, C, r), or just 
is,B,t). 

• {s, B, t) accepts only words of length two or more, so., s^B*t = s^B*BBt. 

• (o, C, r) is a two state automaton accepting only one-letter words from the alphabet {xi,X2, x^}- 

• The first two states of (u, A, v) arc the states of (o. C, r) (if (o, C, r) is nonempty). 

The base case of the induction is as follows. For an atomic term a, a denotes the automaton 
constructed. For an atom Xi and a primitive test b, Xi < b means that ajj — > 6 is a propositional 
tautology. 

6 = (0,0,0) 



b = 
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For each automaton, the machine must prove that the language it accepts is KAT-equivalent to the 
appropriate atomic term. There are finitely many atomic terms, so the machine can store all of the 
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necessary proofs in its finite control. Note that this expansion increases the size of a term by only 
a constant amount, although the constant is exponential in Cf. the proof that the Boolean 
algebra axioms entail all prepositional tautologies. 

We now treat the inductive step of the construction. The easiest automaton to construct is that 
for addition. Suppose we have two automata {ui,Ai,vi) and (w2,^2,W2), such that ujA^vi = 7 
and U2A2V2 = S. By induction, {ui,Ai,vi) is the disjoint union of (oi,Ci,ri) and (si,Si,ti), 
and (^2,^2,1^2) is the disjoint union of (o2,C2,r2) and {s2,B2,t2)- The machine first proves the 
equations 

ujAlvi = oJC*ri + sjBlti 

U2A2V2 = 0jC2r2 + 52-32*2- 

It then outputs a proof that 

7 + ^ = {oJCln + 0JC2V2) + sjBlti + slB^t2. 

The machine can now construct a two-state automaton (o, C, r) which accepts {o^Clri + 02 C|r2), 
then apply the addition construction from 4.1 to (o, C, r), (si, ti), and (32,^2, ^2)- This yields 
an automaton (m, A, v) which satisfies the invariants and accepts 7 + (5. Note that there are only 
finitely many possibilities for (oi, Ci, ri) and (02, C2, r2), so the machine can prove 

o^C*r = oJCln + 0JC2V2 

using data from its finite control. 

The automaton for the product of two terms is more complicated. Again, let {u\,Ai,v{) and 
{u2,A2,V2) be two automata such that ujA\vi = 7 and UJA2V2 = S. As in the case for addition, 
we use the fact that each of these automata is the disjoint union of two automata: 

ujAlvi = oJC^n + sjB^h 
UJA2V2 = oJC2r2 + S2 -52*2- 
The machine can output a proof of the equations 

j6 = {oJC^n + .sjBlt,)(o'^C;r2 + sjB*t2) 
= {ol^C*,r,o'^C;r2) + (oj C^nsJ B;t2) + {sj Bltio'^C;r2) + {sj B^hs'^ B;t2). 

The term (o| CJ'rioJC|r2) is a sum of atoms after simplifying using the Boolean axioms. The 
machine can construct a two-state automaton (o, C, r) accepting this sum. Since there are only 
finitely many choices for oJClri and oJC2r2, all of the necessary proofs can be stored in the finite 
control of the machine. 

Let (s, B, t) be the automaton 
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The machine first outputs proofs of the hypotheses of the KAT concatenation lemma. It can then 
output 

s'^B*t = {oj Girls'^ B;t2) + {sj BttioJCir2) + {sjBltis'^B^t2), 
which follows from the KAT concatenation lemma. 
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The machine now constructs a simple automaton {s,B',t) by simpUfying the transition matrix 
for (s, t) using the Boolean axioms and outputs a proof of the equivalence of (s, _B, t) and (s, B' ,t). 
It then adds the automata (o, C, r) and (s, B' , t) together to get (u, A, v), and outputs a proof of the 
equation 

A*v = 7(5. 

Finally, we come to the construction for *. Let {u, A, v) be an automaton such that u^A*v = 7. 
This automaton is the disjoint union of two automata, (o, C, r) and (s, B, t) such that (o, C, r) accepts 
a sum of atoms and (s, i3, i) accepts no words of length less than two. The machine first outputs 
proofs that 

o'^CV < 1 
s'^B*BBt ^ s'^Bt. 

These facts follow from the Boolean axioms and the equation s^t + Bt — 0. 
The machine can now output 

" 1 

s 

which follows from the KAT asterate lemma. Finally, the machine can apply the Boolean axioms to 
each entry of 



■ 1 


" 







h Bts^ B 



to produce an equivalent simple, e-free transition matrix D (1 becomes the sum of all atoms). It 
can then output a proof of 



" 1 ■ 


T 

D* 


■ 1 " 


s 




t 



The proof that the automaton constructed for a term t accepts precisely the guarded strings 
denoted by t is a straightforward induction. 



1 







1 





B- 


h Bts^'B 




t 



5 Reducing the Hoare Theory of KA(T) to the Equational 
Theory of KA 

Finally, we make the simple observation that the reductions in [5] and [5] don't significantly increase 
the size of the terms. 

Theorem 1. Proofs of equational implications in the Hoare Theory of KA(T) can be produced by a 
P SPACE transducer. 

Proof. Given an alphabet S — {ai, 02, a„}, let u — ai + a2 + • • • + a„. In ,2J, it is shown that 

s = t s + uru ~ t + uru 

is a Kleene algebra congruence, therefore {r — Q ^ p = q) ^ {p + uru = q + uru). The same 
reduction works for KAT, as is shown in ^ - in this case u is only defined to be the sum of all of the 
atomic programs, not the atomic tests. The transformation from r = {i^p = q to p + uru = q + uru 
involves only a constant increase in size. □ 
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6 Deterministic while Programs 



Let P be a set of atomic programs, and i? be a set of atomic tests. In [B], it is shown how to encode 
deterministic while programs as KAT terms: 



Let t be a KAT term which is an encoding of a deterministic while program. Let g be a guarded 
string over {P U As)- It is easy to see that the automaton {u, A, v) constructed from t in section 4 
satisfies the following: 

• There is only one start state s of (m, A, v) with an outgoing transition labeled by an atom x 
such that first (g) = x. 



Therefore, when considering the deterministic automaton (s, D, t) obtained from {u, A, v) by the 
standard subset construction, all states of (s, D, t) corresponding to more than one state of {u, A, v) 
are inaccessible. This implies that, given two KAT terms ti and ^2, using the above procedure 
to construct automata for each term and then using the procedure in [llj to generate proofs of 
equivalence of the automata yields proofs which are only polynomial in \ti \ + \t2\- 
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p;q^pq 



if b then p else q = bp + bq 



if b then p = bp + b 
while b do p = {bp)*b. 



• \5A{s,g)\<l. 
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